What it's really like to negotiate with ransomware attackers
The most critical moment in a ransomware negotiation usually comes long before the victim and the hackers discuss a price......»»
Cybercriminals harness AI for new era of malware development
The alliance between ransomware groups and initial access brokers (IABs) is still the powerful engine for the cybercriminal industry, as evidenced by the 74% year-on-year increase in the number of companies that had their data uploaded on dedicated leak.....»»
ALPHV/BlackCat threatens to leak data stolen in Change Healthcare cyberattack
The ALPHV/BlackCat ransomware group has claimed responsibility for the cyberattack that targeted Optum, a subsidiary of UnitedHealth Group (UHG), causing disruption to the Change Healthcare platform and affecting pharmacy transactions across the US......»»
Cryptojacking is no longer the sole focus of cloud attackers
As commercial adoption of cloud technologies continues, cloud-focused malware campaigns have increased in sophistication and number – a collective effort to safeguard both large and small enterprises is critical, according to Cado Security. Docker.....»»
LockBit leak site is back online
LockBitSupp, the individual running the LockBit ransomware-as-a-service operation, has made good on one promise: the LockBit leak site is back online on backup domains, with lists of victims expected to be unveiled in the coming days. Law enforcement.....»»
ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)
The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect.....»»
Unsurprisingly, LockBit ransomware crew has returned
It took it less than a week to come back online and even list new victims......»»
Security Bite: Jamf warns cyber hygiene among many Apple-using businesses is ‘abysmal’
Hey, Arin here. Last week was the busiest for security so far this year. We saw an unprecedented offensive on the LockBit ransomware gang; Apple moved to make iMessage future-proof with quantum computer protection, and the topic of this week, Jamf’.....»»
2024 will be a volatile year for cybersecurity as ransomware groups evolve
Hackers have significantly increased demands for ransomware, rising over 20% year-over-year to $600,000, according to Arctic Wolf. Organizations are failing to patch their networks And there are worrying signs that 2024 will be especially volatile, a.....»»
Ransomware associated with LockBit still spreading 2 days after server takedown
LockBit's extensive reach is making complete erasure hard. Two days after an international team of authorities struck a major blow at LockBit, one of the Internet’s most prolific ransomwa.....»»
Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)
The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a ne.....»»
Hackers Could Use ChatGPT to Target 2024 Elections
The rise of generative AI tools has increased the potential for a range of attackers to disrupt elections around the world The rise of generative AI tools like ChatGPT has increased the potential for a wide range of attackers to ta.....»»
VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)
VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities hav.....»»
After years of losing, it’s finally feds’ turn to troll ransomware group
Authorities who took down the ransomware group brag about their epic hack. After years of being outmaneuvered by snarky ransomware criminals who tease and brag about each new victim they cl.....»»
LockBit ransomware group taken down in multinational operation
Thousands of domains and servers seized from group responsible for thousands of attacks. Law enforcement agencies including the FBI and the UK’s National Crime Agency have.....»»
RCE vulnerabilities fixed in SolarWinds enterprise solutions
SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT ad.....»»
Cyberint Ransomania empowers organizations to proactively defend against ransomware attacks
Cyberint is unveiling its latest contribution to the infosec community: Ransomania. This free-to-use web application gives users access to a complete repository of ransomware data gathered by the Cyberint Research Team, empowering organizations to co.....»»
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351)
On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE.....»»
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770)
CVE-2023-43770, a vulnerability in the Roundcube webmail software that was fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. Ab.....»»
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893)
Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation I.....»»
Decryptor for Rhysida ransomware is available!
Files encrypted by Rhysida ransomware can be successfully decrypted, due to an implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. Rhysida and its ransomware Rhysida is a relatively new ransomware-as-a-se.....»»